5799N/A * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2362N/A * or visit www.oracle.com if you need additional information or have any 0N/A * This class computes the "Message Authentication Code" (MAC) for each 0N/A * SSL message. This is essentially a shared-secret signature, used to 0N/A * provide integrity protection for SSL messages. The MAC is actually 0N/A * one of several keyed hashes, as associated with the cipher suite and 0N/A * protocol version. (SSL v3.0 uses one construct, TLS uses another.) 5799N/A * NOTE: MAC computation is the only place in the SSL protocol that the 0N/A * sequence number is used. It's also reset to zero with each change of 0N/A * a cipher spec, so this is the only place this state is needed. 0N/A * @author David Brownell 0N/A * @author Andreas Sterbenz 0N/A // Value of the null MAC is fixed 0N/A private static final byte nullMAC[] =
new byte[
0];
0N/A // internal identifier for the MAC algorithm 0N/A // stuff defined by the kind of MAC algorithm 0N/A // byte array containing the additional information we MAC in each record 0N/A // sequence number + record type + + record length 0N/A // sequence number + record type + protocol version + record length 0N/A // offset of record type in block 0N/A // offset of protocol version number in block (TLS only) 0N/A * Set up, configured for the given SSL/TLS MAC type and version. 0N/A * Returns the length of the MAC. 5799N/A * Returns the hash function block length of the MAC alorithm. 5799N/A * Returns the hash function minimal padding length of the MAC alorithm. 0N/A * Computes and returns the MAC for the data in this byte array. 0N/A * @param type record type 0N/A * @param buf compressed record on which the MAC is computed 0N/A * @param offset start of compressed record data 0N/A * @param len the size of the compressed record 5799N/A * @param isSimulated if true, simulate the the MAC computation 0N/A * Compute and returns the MAC for the remaining data 0N/A * in this ByteBuffer. 0N/A * On return, the bb position == limit, and limit will 0N/A * @param type record type 0N/A * @param bb a ByteBuffer in which the position and limit 0N/A * demarcate the data to be MAC'd. 5799N/A * @param isSimulated if true, simulate the the MAC computation 2998N/A * Check whether the sequence number is close to wrap 2998N/A * Sequence numbers are of type uint64 and may not exceed 2^64-1. 2998N/A * Sequence numbers do not wrap. When the sequence number is near 2998N/A * to wrap, we need to close the connection immediately. 2998N/A * Conservatively, we don't allow more records to be generated 2998N/A * when there are only 2^8 sequence numbers left. 2998N/A * Check whether to renew the sequence number 2998N/A * Sequence numbers are of type uint64 and may not exceed 2^64-1. 2998N/A * Sequence numbers do not wrap. If a TLS 2998N/A * implementation would need to wrap a sequence number, it must 2998N/A * Conservatively, we should ask for renegotiation when there are 2998N/A * only 2^48 sequence numbers left. 0N/A // increment the sequence number in the block array 0N/A // it is a 64-bit number stored in big-endian format 5799N/A // MUST NOT increase the sequence number for a simulated computation.